http://www.shorewall.net 

Download it, RTFM, then use it.  Use the canned configs that are
available for download in numerous places, one of which is the
documentation area,

i.e.
http://www.shorewall.net/standalone.htm
http://www.shorewall.net/two-interface.htm
http://www.shorewall.net/three-interface.htm


You can probably be up and running in 30 minutes.  Stop doing your
firewall by hand; it is a bad idea and time-consuming.

js

*note: before installing this, I recommend you do this:

chkconfig --level 345 ipchains off
chkconfig --level 345 iptables off


=).


On Thu, 2002-12-05 at 19:02, C. Jim wrote:
> Trying to set up RH8.0 as a router/firewall for a cable
> connection, where the IP address for eth0 is obtained
> through DHCP. The IP address of eth1 is a local address of
> 192.168.1.1
> 
> I have enabled ip_forwarding in /etc/sysctl.conf and
> verified it on reboot using cat
> /proc/sys/net/ipv4/ip_forward.  The value is 1, so it's
> enabled.
> 
> My firewall is a simple script right now since I haven't
> started disabling services.
> 
> iptables -P INPUT DROP
> iptables -A INPUT -i ! eth0 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -j LOG --log-prefix "INPUT_DROP(FW): " --log-level 6
> iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable
> 
> I have tried the following NAT commands, one at a time, but to
> no avail.
> 
> iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.1
> 
> iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
> 
> The thing is that I can ping any computer in the LAN,
> including the RH8 box, and get a response.  I can ping from
> the RH8 box out to the internet.  However, I can not ping
> from eth0 to eth1 on the box itself using the command
> 
> ping -I eth0 192.168.1.1 and vice-versa.
> 
> Has anyone had this problem?  It seems like ip_forwarding
> isn't doing its job.
> 
> I have created a firewall and ipsec VPN server using RH7.3
> without any problems.  Does anyone know anything about
> this?
> 
> 
-- 
VB programmers ask why no one takes them seriously, 
it's somewhat akin to a McDonalds manager asking employees 
why they don't take their 'career' seriously.

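For anyone landing on this thread later, here is an added example (not from either poster, and not a Shorewall config) of what a hand-written two-interface NAT script for the setup described above looks like when the pieces are on the right interfaces. It assumes eth0 faces the cable modem and gets its address by DHCP, eth1 is the LAN side at 192.168.1.1/24, and it runs as root; the interface names and LAN prefix are parameters, so they are assumptions, not something the thread states. Two points it makes concrete: masquerading is applied on the interface facing the Internet (the `-o` of POSTROUTING is the outgoing interface of the rewritten packet, and MASQUERADE rather than SNAT suits an address handed out by DHCP), and routed traffic is governed by the FORWARD chain, which a `ping -I eth0 192.168.1.1` run on the box itself never traverses, because the destination is one of the box's own addresses. Test forwarding from a LAN host, not from the router.

```shell
#!/bin/sh
# Added example: a minimal two-interface NAT firewall, emitted as a list of
# commands so it can be reviewed before being applied.
# Assumptions (not from the original thread): WAN interface, LAN interface and
# LAN prefix are passed in, e.g.  fw_rules eth0 eth1 192.168.1.0/24

fw_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# traffic addressed to the box itself: loopback, the LAN side, and replies
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $lan -s $lan_net -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT_DROP(FW): " --log-level 6
iptables -A INPUT -p tcp -i $wan -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i $wan -j REJECT --reject-with icmp-port-unreachable
# routed traffic: LAN hosts out to the Internet, and only replies back in
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -j LOG --log-prefix "FORWARD_DROP(FW): " --log-level 6
# NAT on the external interface; MASQUERADE because the DHCP address can change
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
}

# Apply the generated rules, stopping at the first command that fails.
fw_apply() {
    fw_rules "$@" | sh -e
}

# Number of iptables commands generated, as a sanity check before applying.
fw_rule_count() {
    fw_rules "$@" | grep -c '^iptables'
}

# Review first:   fw_rules eth0 eth1 192.168.1.0/24
# Then apply:     fw_apply eth0 eth1 192.168.1.0/24
```

Run `fw_rules` with your own interface names and look at the output before calling `fw_apply`; the LOG rules at the end of INPUT and FORWARD are what tell you, in the kernel log, whether a packet was dropped locally or while being routed.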